Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

This article describes OpenID Connect in Smart ID Digital Access component.

What is OpenID Connect?

OpenID Connect is a federation technology, comparable with SAML 2.0, that is implemented as an identity layer on top of the OAuth 2.0 protocol.

With OpenID Connect, a range of clients, including Web-based, mobile, and JavaScript clients, can verify the identity of an end-user, based on authentication performed by an authorization server or identity provider (IdP). Clients can also obtain basic profile information about the end-user.

Several digital identities, such as Norwegian BankID and Verimi, are based on OpenID Connect.

OpenID Connect concepts

  • Relying party (RP)
    An OAuth 2.0 client application requiring end-user authentication and claims from an OpenID provider.

  • OpenID provider (OP)
    An OAuth 2.0 authorization server that authenticates the end-user and provides claims to a relying party about the authentication event and the end-user.

  • Claim
    Piece of information asserted about an entity.

  • Scopes
    The permissions a client is allowed to ask for.

  • Authentication request
    An OAuth 2.0 authorization request using extension parameters and scopes defined by OpenID Connect. It requests that the end-user be authenticated by the authorization server (the OpenID provider) to the client (the relying party).